Domain-name based ssh login attempts

David — Wed, 23 Apr 2008 11:46:36 +0000

The last few weeks I have noticed some illicit ssh login attempts that uses parts of the reverse DNS domain name as user name when it tries to login. The last attempt looked like this in my LogWatch summary:

Illegal users from these:
    195.38.107.55 (aquila.euroexpert.tvnet.hu): 9 times
       root/password: 4 times
       cenara/password: 2 times
       ip-83-209-13-88/password: 2 times
       ip-83-209-13-88.cenara.com/password: 1 time

As you can see, the secondary and tertiary domain name, along with the full domain name, was tried as user name when attempting to login. I guess that the attack script tries with a blank password and also with the same password as user name.

Ant “replace” task does not preserve Unix file permissions

David — Tue, 18 Dec 2007 12:34:50 +0000

This is probably a well-known fact for everyone who has used Ant on Unix for a while, but an annoying discovery for me who have been hiding under a C++ rock. The five year old bug report File Permissions not preserved in replace task pretty much says it all: Java couldn’t stat files, and it seems like it still can’t.

Update The “replace” task destroys file ownership too, of course.

Divide and Conquer » Unix

Domain-name based ssh login attempts

Ant “replace” task does not preserve Unix file permissions